From e280b92bdb8e1c8cc401d9c74b8c64b5faf80b77 Mon Sep 17 00:00:00 2001
From: yflory
Date: Wed, 3 May 2017 13:53:05 +0200
Subject: [PATCH] Fix CSP issues with Chrome 58
---
 config.example.js | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/config.example.js b/config.example.js
index 859c4b872..626d81908 100644
--- a/config.example.js
+++ b/config.example.js
@@ -39,10 +39,10 @@ module.exports = {
 if you are deploying to production, you'll probably want to remove the ws://* directive, and change '*' to your domain */
- "connect-src 'self' ws://* wss://*",
+ "connect-src 'self' ws: wss:",
 // data: is used by codemirror
- "img-src 'self' data:",
+ "img-src 'self' data: blob:",
 ].join('; '),
 // CKEditor requires significantly more lax content security policy in order to function.
@@ -59,7 +59,7 @@ module.exports = {
 "child-src 'self' *",
 // see the comment above in the 'contentSecurity' section
- "connect-src 'self' ws://* wss://*",
+ "connect-src 'self' ws: wss:",
 // (insecure remote) images are included by users of the wysiwyg who embed photos in their pads
 "img-src *",
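Review bot: The block comment directly above the first `connect-src` change still tells deployers to remove the `ws://*` directive, which no longer exists once the value becomes `ws: wss:`; that comment opens above the hunk, so only its tail is visible here. Scheme-only sources allow WebSocket connections to any host, and `ws:` also permits unencrypted ones, so the production advice should be restated against the new value, for example `remove the ws: source and replace wss: with wss://your.domain`. The identical value in the second hunk (the CKEditor policy) points back to this comment, so the one wording fix covers both places. The added `blob:` in `img-src` has no explanation either; the line above it could become `// data: is used by codemirror, blob: by <feature that needs it>` so a later reviewer knows whether it can be dropped.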